How To Enable USB Key Authentication On Facebook

A Facebook user will need to enable ‘Login Approvals’ from the Security Settings page, and instead of generating a login code via SMS/email, the user simply plugs in the USB drive for identity verification Facebook USB Key Authentication. The two-factor login approvals were built so that even if a hacker gains access to a user’s password it will be hard for them to login through an unregistered PC or mobile device. However, with a physical USB key, Facebook claims that it provides protection from phishing attacks and faster logins through PCs and mobile devices with just a tap of the USB key

Step 2: In the Security Keys section, click the Add Key link and the Add Key button in the dialog that appears.

Step 3: When the prompt appears, plug in your USB key and tap its button when its light starts blinking.

Step 4: Once your key has been added, you’ll be prompted to re-enter your password to confirm the addition and to select a name to represent the physical key.

Step 5: When the process is completed, your newly added key will be visible under the Security Keys section.

If you’re not used to physical authentication keys, here are a few good practices:

Have backups keys: Just like everything else that fits in your pocket, keys can get lost (or possibly stolen). Therefore, you should have backup keys. Facebook’s security settings allow you to add multiple keys and to remove lost or broken ones.

Have backup methods: For the moment, only the Facebook desktop website supports USB authentication, and the mobile website supports NFC-based keys such as the YubiKey Neo. Facebook’s mobile apps do not support physical keys yet. Therefore, you should still keep your app or SMS authentication enabled as a backup method.

Facebook’s USB authentication is not mandatory, but it is a welcomed move, as cybercriminals are targeting social media platforms at an accelerating pace. Hopefully, other social media services will follow suit and enable privacy-conscious users to breathe a sigh of relief.

Physical keys are supposed to be more effective than mobile apps and SMS verification, because there’s no chance of phishing or man-in-the-middle attacks. They’re also potentially faster — just a tap on the physical key and you should have access to your Facebook account. It’s a welcome move from the company, which is also announcing a redesigned Privacy Basics page today.